
I'm trying to get the serial number of a certificate (like $ssl_client_serial in nginx) without the private key, and I don't know how to do it.

I have drawn a scheme:

client <- HTTPS -> HAproxy or Nginx without private key <- HTTPS -> server application with the private key

How would I get the certificate's serial number (like $ssl_client_serial in nginx) without a private key?

Anton Patsev
  • Welcome to the site. Please edit your question to make it clear for us what you are asking. Also please consider what [SHA1](https://en.wikipedia.org/wiki/SHA-1) is. (Hint: it has nothing to do with a serial number.) – Tom K. Apr 06 '18 at 13:24
  • Your previous scheme was to hash the private key and use it as a unique serial number. If your certificate contains the public key of that corresponding private key, it's also unique. You can hash it, too. Also, I think there is a better way to deal with it: as your certificate is signed, you can put a serial number there and, after certificate validation, use that ID. The issue is that all this doesn't prove your certificate is bound to your device. – VovCA Apr 06 '18 at 18:52
  • (@VovCA) In fact, SHA1 of the public key value is used as [a common key identifier in PKIX certificates](https://tools.ietf.org/html/rfc5280#section-4.2.1.2) – dave_thompson_085 Apr 07 '18 at 03:12
  • (@dave_thompson_085) Dave, I agree with you, thanks for your link, it makes sense. The only thing is that if the serial number should be serial, a pseudo-random value may be less convenient, although the topic starter is OK with that. – VovCA Apr 09 '18 at 23:27
  • Hello! Sorry, I misspelled the question. So I will make a clarification in the question: I removed SHA and added (like $ssl_client_serial in nginx) to the question. I don't understand the "common key identifier in PKIX certificates". Please tell me the practical implementation of verifying the serial number without the private key. – Anton Patsev Apr 10 '18 at 05:22

0 Answers
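Added example, not part of the original thread: the serial number and the public key are fields of the certificate itself, so both can be read without any private key, and the key identifier mentioned in the comments (RFC 5280 section 4.2.1.2, method 1) is the SHA-1 of the subjectPublicKey bits. The sketch parses a constructed sample certificate with the Python standard library only; `der`, `sample_cert`, `read_tlv` and `serial_and_key_id` are hypothetical names, and the signature is not verified here.

```python
import hashlib

def der(tag, body=b""):
    """Encode one DER TLV (used only to build the constructed sample)."""
    n = len(body)                                  # constructed sample stays under 256 bytes
    length = bytes([n]) if n < 0x80 else bytes([0x81, n])
    return bytes([tag]) + length + body

def sample_cert():
    """Constructed sample: serial 0x1001, dummy public key and signature bytes."""
    alg = der(0x30, der(0x06, b"\x2b\x65\x70"))    # OID 1.3.101.112 (Ed25519)
    name = der(0x30)                               # empty Name
    validity = der(0x30, der(0x17, b"180406000000Z") + der(0x17, b"190406000000Z"))
    spki = der(0x30, alg + der(0x03, b"\x00" + bytes(range(32))))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x10\x01") + alg + name + validity + name + spki)
    return der(0x30, tbs + alg + der(0x03, b"\x00" + bytes(64)))

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def serial_and_key_id(cert):
    """Read serialNumber and SHA-1(subjectPublicKey) from a DER certificate."""
    _, start, _ = read_tlv(cert, 0)                # Certificate
    _, pos, end = read_tlv(cert, start)            # tbsCertificate
    fields = []
    while pos < end:
        tag, vs, ve = read_tlv(cert, pos)
        fields.append((tag, cert[vs:ve]))
        pos = ve
    if fields[0][0] == 0xA0:                       # optional [0] version
        fields.pop(0)
    if len(fields) < 6 or fields[0][0] != 0x02:
        raise ValueError("not an X.509 TBSCertificate")
    serial = int.from_bytes(fields[0][1], "big", signed=True)
    spki = fields[5][1]                            # subjectPublicKeyInfo body
    _, _, alg_end = read_tlv(spki, 0)              # skip AlgorithmIdentifier
    _, ks, ke = read_tlv(spki, alg_end)            # subjectPublicKey BIT STRING
    key_id = hashlib.sha1(spki[ks + 1:ke]).hexdigest()  # drop unused-bits octet
    return serial, key_id

if __name__ == "__main__":
    print("serial=%X key_id=%s" % serial_and_key_id(sample_cert()))
```

A serial number or key identifier read this way identifies a certificate; it says nothing about who presented it unless the chain is validated and the TLS handshake proves possession of the matching key.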